Search Results (83039 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-5347 1 Seagate 2 Personal Cloud, Personal Cloud Firmware 2024-11-21 N/A
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
CVE-2018-5345 5 Canonical, Debian, Fedoraproject and 2 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2024-11-21 N/A
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
CVE-2018-5342 1 Zohocorp 1 Manageengine Desktop Central 2024-11-21 N/A
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account.
CVE-2018-5332 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2024-11-21 7.8 High
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).
CVE-2018-5331 1 Discuz 1 Discuzx 2024-11-21 N/A
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.
CVE-2018-5316 1 Patsatech 1 Sagepay Server Gateway For Woocommerce 2024-11-21 N/A
The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.
CVE-2018-5313 1 Rapidscada 1 Rapid Scada 2024-11-21 N/A
A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM.
CVE-2018-5312 1 Wpshopmart 1 Tabs Responsive 2024-11-21 N/A
The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php.
CVE-2018-5311 1 Tonjoostudio 1 Easy Custom Auto Excerpt 2024-11-21 N/A
The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI.
CVE-2018-5307 1 Sonatype 1 Nexus Repository Manager 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.
CVE-2018-5306 1 Sonatype 1 Nexus Repository Manager 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.
CVE-2018-5303 1 Impinj 2 R420 Rfid Reader, R420 Rfid Reader Firmware 2024-11-21 N/A
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The license key parameter of the web application is vulnerable to Cross Site Scripting; this vulnerability allows an attacker to send malicious code to another user.
CVE-2018-5299 1 Pulsesecure 2 Pulse Connect Secure, Pulse Policy Secure 2024-11-21 N/A
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.
CVE-2018-5296 1 Podofo Project 1 Podofo 2024-11-21 N/A
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
CVE-2018-5293 1 Gd Rating System Project 1 Gd Rating System 2024-11-21 N/A
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
CVE-2018-5292 1 Gd Rating System Project 1 Gd Rating System 2024-11-21 N/A
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page.
CVE-2018-5288 1 Gd Rating System Project 1 Gd Rating System 2024-11-21 N/A
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.
CVE-2018-5286 1 Gd Rating System Project 1 Gd Rating System 2024-11-21 N/A
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
CVE-2018-5284 1 Wpscoop 1 Imageinject 2024-11-21 N/A
The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php.
CVE-2018-5281 1 Sonicwall 8 Nsa 250m, Nsa 2600, Nsa 2650 and 5 more 2024-11-21 5.4 Medium
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.